Indoor security anonymous authentication method based on Internet of things technology
Technical Field
The application relates to the technical field of encryption of the Internet of things, in particular to an indoor security anonymous authentication method based on the Internet of things technology.
Background
With the rapid development of Internet of Things technology, more and more devices are connected to the Internet; these devices can acquire environmental information through sensors and communicate with other devices, enabling intelligent control and management. In the indoor security field, sensors can be used to detect abnormal conditions such as intrusion, fire, and smoke, and to send alarm information to security departments in a timely manner. Currently, many indoor security systems use identity-based authentication, i.e., a user must provide identity information to access a sensor or other device. However, this approach has drawbacks: for example, the identity information is easily compromised or falsified, which threatens the privacy and security of the user. In addition, the operation and maintenance personnel of the sensor and the staff of the security department also need to protect the privacy and safety of the sensor. Therefore, the data storage device should store and transmit sensor data confidentially to prevent information from being leaked to unauthorized users.
To protect the privacy of indoor sensors, their operation and maintenance personnel, and security personnel, it is necessary to develop an indoor security anonymous authentication method that is more secure and protects privacy. However, many schemes are not computationally efficient in the anonymous authentication process.
Therefore, a method is needed that overcomes the security weaknesses of existing schemes and lowers the computational cost of the anonymous authentication process.
Disclosure of Invention
The application aims to provide an indoor security anonymous authentication method based on the internet of things technology, which achieves lower computational cost while maintaining information security.
In order to achieve the above purpose, the present application provides the following technical solutions: an indoor security anonymous authentication method based on the internet of things technology comprises the following steps:
S1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver;
S2, the server receives personal information provided by operation and maintenance personnel and security personnel, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver;
S3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority; if the mutual verification is valid, the data receiver encrypts the identity information, otherwise the identity information is not encrypted.
Further, the initializing and activating the trusted authority in the server is specifically as follows: the trusted authority generates parameters, keys, and a secure encryption function.
Further, the trusted authority selects a random numberAs its master key, < >>As its private key, < >>As its public key, choose +.>As an authentication parameter, a hash function is selected:for its secure encryption function, and choose +.>As a system public parameter, wherein q represents a large prime number domain,/->Multiplication loop order representing three q-orders, +.>Are respectively->Subset of (a), i.e.)>E represents a natural constant.
Further, the personal information includes a name, a mobile phone number, an address, and an email id; the identity information includes an anonymous identity, a tracking parameter, and an identity key.
Further, the trusted authority generating the identity information for the operation and maintenance personnel specifically includes: selecting a random numberWill be gotThe private key of the operation and maintenance personnel is expressed as:The corresponding public key is denoted +.>; for every operation and maintenance person->Generating an anonymous identity->; for every operation and maintenance person->Generating tracking parameters:And will->,Is kept in a tracking list of the trusted authority.
Further, the trusted authority generating the identity information for the security personnel specifically includes: selecting a random numberAnd the private key of the security personnel is expressed as +.>The corresponding public key is denoted +.>; for every security personnel->Generating an anonymous identity->; for every security personnel->Is to generate an anonymous identity +.>; for every security personnel->Generating tracking parameters:and will->,Is kept in a tracking list of the trusted authority.
Further, the security personnel anonymously verifies the operation and maintenance personnel, wherein the operation and maintenance personnel identity verification comprises the following steps of: the data receiver of the operation and maintenance personnel selects 4 random numbersAs a short-lived session key and calculate +.>Wherein:,,,,; the data receiver calculates SLC:and 4 short-lived virtual parameters:,,,; the data receiver sets the anonymous authentication certificate AAC to:then calculate +.>And sets an anonymous message +.>:Wherein->Representing the current timestamp.
Further, the operation and maintenance personnel anonymously verifying the security personnel comprises verifying the identity and the validity of the security personnel, wherein the verifying the identity of the security personnel specifically comprises: the security personnel check the timestampAnd makeWherein->Is the operation and maintenance personnelAnd the time delay mutually agreed by the security personnel; the security personnel calculate:,,; the data receiver calculates its OSLC:And compares whether or not there isIf so, the security personnel accept the SLC, and if not, the security personnel reject the SLC; wherein the correctness is proved as follows:
,
,
;
if any one of the verification processes fails, the operation and maintenance personnel can be considered as illegal users;
verifying the validity of the security personnel specifically comprises the following steps: the security personnelCalculating arbitrary parametersThen, calculating:Calculating its anonymous credential:and associate it with a timestamp->Send to the operation and maintenance personnel +.>Is a data receiver of (a); the operation and maintenance personnel are->After receiving the information, the data receiver of (1) first verifies the current timestamp and then verifies if it is presentTo check the security personnel +.>The validity of which proves as:
;
the operation and maintenance personnelIs calculated by the data receiver of (1):And compares whether there is +>If so, consider the security personnel +.>Is an authenticated user, if not present, directly terminating the security personnel +.>Is to be used for subsequent communication.
Further, the encrypting the identity information by the data receiver specifically includes: the data receiver of the operation and maintenance personnel sends sensor data BI to the security personnel, and the sensor data BI is encrypted and decrypted by the data receiver by using any one of encryption algorithms based on ECC.
Further, the ECC-based encryption algorithm is an ECC elliptic curve encryption algorithm, which is ECDH or ECDSA.
Further, the method further comprises the following step: the trusted authority may revoke security personnel who behave improperly.
In summary, the application has the technical effects and advantages that:
the application provides an indoor security anonymous authentication method based on the internet of things, which ensures the security of information and protects the personal privacy and identity information of a user by mutually anonymously verifying operation and maintenance personnel and security personnel, thereby avoiding the situation that the user refuses to use an indoor security system because of the security problem; meanwhile, the authentication method provided by the application improves the calculation efficiency through the technology of the Internet of things, and has low calculation cost.
Drawings
In order to more clearly illustrate the embodiments of the application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, it being obvious that the drawings in the following description are only some embodiments of the application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of steps of an indoor security anonymous authentication method based on the internet of things technology according to an embodiment;
Fig. 2 is a schematic diagram of the modules of an indoor security anonymous authentication method based on the internet of things technology according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present application, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
Example: referring to Figs. 1-2, an indoor security anonymous authentication method based on the internet of things technology comprises the following steps:
S1, initializing and activating a trusted authority in a server, wherein the server comprises a data receiver;
S2, the server receives personal information provided by operation and maintenance personnel and security personnel, and the trusted authority generates identity information according to the personal information and stores the identity information in the data receiver;
S3, the operation and maintenance personnel and the security personnel carry out mutual anonymous verification through the trusted authority; if the mutual verification is valid, the data receiver encrypts the identity information, otherwise the identity information is not encrypted.
In this embodiment, for step S1, the initializing and activating the trusted authority by the server specifically includes: the trusted authority generates parameters, keys, and a secure encryption function. The method specifically comprises the following steps: the trusted authority selects a random numberAs its master key, < >>As its private key, < >>As its public key, selectAs identity verification parameter, hash function is selected:For its secure encryption function, and selectAs a system public parameter, wherein q represents a large prime number domain,/->Multiplication loop order representing three q-orders, +.>Are respectively->Subset of (a), i.e.)>Wherein e represents a natural constant.
In this embodiment, personal information of the user including a name, a mobile phone number, an address, and an email id needs to be provided for registration of the user; the identity information produced accordingly by the trusted authority includes an anonymous identity, tracking parameters, and an identity key.
In particular, if the user is an operation and maintenance personThe trusted authority obtains +.>And store it in a secure manner in a database. Said trusted authority selecting a random number +.>And represents the private key as:The corresponding public key is +>. The trusted authority is +.>Generating an anonymous identity->So that the true identity of the operation and maintenance personnel is protected from unauthorized users during the communication. In the indoor security anonymous authentication method, the operation and maintenance personnel uses anonymous identity +.>To communicate, is->Mapping with the user's real credentials only in the trusted authority. Thus, anonymous identities will not provide an attacker with an operation and maintenance person +.>Is a real information of the (b). The trusted authority is for each operation and maintenance personGenerating tracking parameters:And will->,Is kept in a tracking list of the trusted authority. Then, the trusted authority will +.>Send to->,Will->Stored in the own data receiver, the trusted authority will +.>) Send to->,After receiving this information, execute->And get->。
If the user is a security personnelThe trusted authority obtains +.>And store it in a secure manner in a database. Said trusted authority selecting a random number +.>And the private key is expressed as +.>The corresponding public key is +>. The trusted authority is +.>Generating an anonymous identity->. Furthermore, the security personnel need to be those who have been registered in the book at their work, the trusted authority being +.>Is to generate an anonymous identity +.>The trusted authority can only generate this identity if the corresponding work entity is registered in the trusted authority, and the security personnel of the non-registered work entity cannot use the indoor security system. The trusted authority is +.>Generating tracking parameters:And will->And storing the information in a tracking list of the trusted authority. Furthermore, the trusted authority is +/for each security person>Two keys are selected:And (2) and. The trusted authority will +.>Send to->,Will store +.>The trusted authority will:Send to->,After receiving this information, execute->And obtain:. After the registration process is completed, the operation and maintenance personnel and the security personnel can carry out anonymous authentication.
In this embodiment, referring to Fig. 2, the anonymously verifying the operation and maintenance personnel by the security personnel includes verifying the identity of the operation and maintenance personnel, specifically: the data receiver of the operation and maintenance personnel selects 4 random numbersAs a short-lived session key and calculate +.>Wherein:,,,,; the data receiver calculates SLC:And 4 short-lived virtual parameters:,,,; the data receiver sets the anonymous authentication certificate AAC to:Then calculate +.>And sets an anonymous message +.>:Wherein->Representing the current timestamp.
In this embodiment, the operation and maintenance personnel anonymously verifies the security personnel including verifying the identity and validity of the security personnel, where verifying the identity of the security personnel specifically includes: the security personnel check the timestampAnd makeWherein->The time delay is mutually agreed by the operation and maintenance personnel and the security personnel; the security personnel calculate:,,; the data receiver calculates its OSLC:And compares whether or not there isIf so, the security personnel accept the SLC, and if not, the security personnel reject the SLC; wherein the correctness is proved as follows:
,
,
。
if any one of the verification processes fails, the operation and maintenance personnel can be considered as illegal users;
verifying the validity of the security personnel specifically comprises the following steps: the security personnelCalculating arbitrary parametersThen, calculating:Calculating its anonymous credential:and associate it with a timestamp->Send to the operation and maintenance personnel +.>Is a data receiver of (a); the operation and maintenance personnel are->After receiving the information, the data receiver of (1) first verifies the current timestamp and then verifies if it is presentTo check the security personnel +.>The validity of which proves as:
;
the operation and maintenance personnelIs calculated by the data receiver of (1):And compares whether there is +>If so, consider the security personnel +.>Is an authenticated user if not presentIn the mean, the security personnel are directly terminated +.>Is to be used for subsequent communication.
In this embodiment, the encrypting, by the data receiver, the identity information specifically includes: the data receiver of the operation and maintenance personnel sends sensor data BI to the security personnel, and the sensor data BI is encrypted and decrypted by the data receiver by using any one of encryption algorithms based on ECC. Wherein the ECC-based encryption algorithm is an ECC elliptic curve encryption algorithm, such as ECDH or ECDSA.
Specifically, the data receiver uses any one of the ECC-based encryption algorithms to encrypt and decrypt: the data receiver of the operation and maintenance personnel firstly obtains a random number in the encryption processAnd calculates ciphertext:wherein->When the security personnel needs to know the position information of the operation and maintenance personnel, use +.>Value of>. In the decryption process, security personnel receive C and pass through:Decryption is performed. Its correctness is proved as follows:
,
wherein,
;
。
likewise, the security personnel send their advice MA to the operation and maintenance personnel in the following encrypted manner: selecting a random numberAnd calculates ciphertext ++>Wherein:
;
security personnel receiveAnd then decrypted by the decryption process of claim 12 to obtain MA.
In this embodiment, the trusted authority may revoke security personnel with improper behavior. The method comprises the following steps: even authenticated security personnel may send incorrect advice information to the operation and maintenance personnel, thereby causing the operation and maintenance personnel to perform incorrect operations. If such improper behavior occurs, the trusted authority may revoke the misbehaving security personnel from the anonymous authentication system. The method comprises the following steps: the trusted authority decrypts the ciphertext of the corresponding security personnel by using the private key of the operation and maintenance personnel receiving the error proposal information of the security personnel. Then, the trusted authority calculates +.>And by means of its tracking list the parameter is +.>Is identified by the trusted authority as +.>After that, it is withdrawn from the anonymous authentication system, and the operation and maintenance personnel cannot associate with +.>Further communication is performed.
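The registration, timestamp check and tracking-list revocation described above, as an added example that is not the application's own construction: the formulas do not survive on this page, so HMAC-SHA256 stands in for them and every verification is routed through the trusted authority. All class, function and field names and the sample registration data are constructed for illustration.

```python
import hashlib, hmac, secrets

class TrustedAuthority:
    """Constructed stand-in for the trusted authority (HMAC-SHA256, not the page's formulas)."""

    def __init__(self):
        self._master = secrets.token_bytes(32)  # master key, never leaves the authority
        self._tracking = {}                     # tracking list: tracking parameter -> real identity
        self._revoked = set()                   # anonymous identities removed from the system

    def _identity_key(self, anon_id):
        return hmac.new(self._master, b"idkey|" + anon_id.encode(), hashlib.sha256).digest()

    def _tracking_param(self, anon_id):
        return hmac.new(self._master, b"track|" + anon_id.encode(), hashlib.sha256).hexdigest()

    def register(self, name, phone, address, email):
        """S2: turn personal information into (anonymous identity, identity key)."""
        anon_id = secrets.token_hex(16)         # random, so it reveals nothing about the user
        self._tracking[self._tracking_param(anon_id)] = (name, phone, address, email)
        return anon_id, self._identity_key(anon_id)

    def verify(self, msg, now, max_delay):
        """S3: check freshness, revocation status and the credential tag."""
        if not 0 <= now - msg["ts"] <= max_delay:
            return False                        # stale or future-dated: treat as a replay
        if msg["anon_id"] in self._revoked:
            return False
        expected = _tag(self._identity_key(msg["anon_id"]), msg)
        return hmac.compare_digest(expected, msg["tag"])

    def revoke(self, anon_id):
        """Trace a misbehaving party through the tracking list, then revoke it."""
        real = self._tracking.get(self._tracking_param(anon_id))
        if real is not None:
            self._revoked.add(anon_id)
        return real

def _tag(key, msg):
    # Bind the anonymous identity, timestamp and payload into one authenticator.
    data = f'{msg["anon_id"]}|{msg["ts"]}|'.encode() + msg["payload"]
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def make_message(anon_id, key, payload, ts):
    """Build an anonymous message carrying only the pseudonym, never real identity data."""
    msg = {"anon_id": anon_id, "ts": ts, "payload": payload}
    msg["tag"] = _tag(key, msg)
    return msg

def demo():
    ta = TrustedAuthority()
    # Constructed sample registration data.
    anon, key = ta.register("Sample Guard", "555-0100", "1 Example St", "guard@example.test")
    msg = make_message(anon, key, b"advice: check sensor 3", ts=1000)
    fresh = ta.verify(msg, now=1003, max_delay=5)        # within the agreed delay
    replayed = ta.verify(msg, now=1060, max_delay=5)     # same message, too late
    forged = ta.verify(dict(msg, payload=b"advice: disable alarm"), now=1003, max_delay=5)
    traced = ta.revoke(anon)                             # authority maps pseudonym to person
    after = ta.verify(msg, now=1003, max_delay=5)        # revoked identity is refused
    return fresh, replayed, forged, traced[0], after

if __name__ == "__main__":
    print(demo())
```
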
The application has the advantages that the application provides the indoor security anonymous authentication method based on the internet of things technology, through mutual anonymous authentication of operation and maintenance personnel and security personnel, the security of information is ensured, the personal privacy and identity information of a user are protected, and the situation that the user refuses to use an indoor security system because of security problems is avoided; meanwhile, the authentication method provided by the application improves the calculation efficiency through the technology of the Internet of things, and has low calculation cost.
Finally, it should be noted that: the foregoing description is only illustrative of the preferred embodiments of the present application, and although the present application has been described in detail with reference to the foregoing embodiments, it will be apparent to those skilled in the art that modifications may be made to the embodiments described, or equivalents may be substituted for elements thereof, and any modifications, equivalents, improvements or changes may be made without departing from the spirit and principles of the present application.